License Rules
License rules detect packages and files that introduce licensing and compliance risk.
License Rule Table (Example)
| ID | Title | Description | Remediation | Tags |
|---|---|---|---|---|
| LICENSE-0001 | Strong copyleft license detected (GPL) | Identifies GPL-licensed components that may impose redistribution obligations. | Replace with a permissive alternative; review legal requirements. | license, gpl |
| LICENSE-0002 | Network copyleft license detected (AGPL) | Identifies AGPL components that can trigger obligations for network-delivered software. | Avoid AGPL unless explicitly approved; replace the dependency. | license, agpl |
| LICENSE-0003 | Unknown / restricted license | Identifies missing, unknown, or restricted licenses flagged by policy. | Confirm the license; replace the dependency; add an exception if approved. | license, restricted |
Custom Policies
License rules can also enforce organization-specific policies, such as:
- Allow only permissive licenses
- Block GPL or AGPL licenses in production repositories
- Allow GPL licenses only in internal tooling
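As an added illustration (not the scanner's own code), the evaluator below applies the three rule IDs from the table under the custom policies just listed; the license buckets, repository labels (`production`, `internal-tooling`) and the package inventory are constructed for this example.

```python
from dataclasses import dataclass

# License buckets keyed by SPDX identifiers (constructed subset, not a complete list).
PERMISSIVE = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}
STRONG_COPYLEFT = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later"}
NETWORK_COPYLEFT = {"AGPL-3.0-only", "AGPL-3.0-or-later"}

@dataclass(frozen=True)
class Finding:
    rule_id: str      # LICENSE-0001 / -0002 / -0003 from the rule table
    package: str
    license: str

def evaluate(packages, repo_kind, exceptions=frozenset()):
    """Apply the license rules under the custom policies listed above.

    packages:   iterable of (package name, SPDX license id, or None if unknown)
    repo_kind:  "production" or "internal-tooling" (hypothetical repo labels)
    exceptions: package names with an approved policy exception (skipped)
    Policy: only permissive licenses pass silently; GPL is allowed in internal
    tooling but blocked in production; AGPL is blocked everywhere unless
    excepted; anything else (missing, unknown or restricted) is LICENSE-0003.
    """
    findings = []
    for name, lic in packages:
        if name in exceptions or lic in PERMISSIVE:
            continue
        if lic in NETWORK_COPYLEFT:
            findings.append(Finding("LICENSE-0002", name, lic))
        elif lic in STRONG_COPYLEFT:
            if repo_kind != "internal-tooling":
                findings.append(Finding("LICENSE-0001", name, lic))
        else:
            findings.append(Finding("LICENSE-0003", name, lic or "UNKNOWN"))
    return findings

# Constructed inventory: names and licenses are illustrative, not real packages.
SAMPLE_INVENTORY = [
    ("http-client", "Apache-2.0"),
    ("shell-readline", "GPL-3.0-or-later"),
    ("doc-renderer", "AGPL-3.0-only"),
    ("db-driver", "SSPL-1.0"),      # restricted by policy: neither permissive nor in a copyleft bucket
    ("legacy-blob", None),          # no license metadata at all
]

if __name__ == "__main__":
    for kind in ("production", "internal-tooling"):
        print(kind)
        for f in evaluate(SAMPLE_INVENTORY, kind):
            print(f"  {f.rule_id} {f.package} ({f.license})")
```

Running it shows the same inventory producing a GPL finding in the production repository but not in internal tooling, while the AGPL and unknown/restricted findings persist in both.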